Forum Discussion
Altocumulushelp custom policy brute force attack asm!!
NoctilucentYes, you need to identify the user someway.
If you cannot do it with the email or another field in the form, I recommend you to modify the html to include a hidden field with information of the user (maybe cookie or something else).
Let me know if this helps.
KR,
Dario.
Altocumulus
I find it interesting to do it by irule, I am trying to think in the appropriate way to do it, I understand that the http protocol is stateless so I suppose that for each search of an account a new connection is initiated, I know that I must call the http_request event to to be able to use the logic of finding the resource that I want to limit.
but how can I save in a variable that counts the number of queries to that resource, if in each request a new CLIENT_ACCEPTED event is executed {, will I have to validate it with the coockie?
